The Internet of Things (IoT) network consists of many heterogeneous devices that are connected to the internet. The IoT architecture contains three layers: the perception layer, the network layer, and the application layer. The perception layer is composed of physical devices, the network layer provides the communication medium, and the application layer is responsible for providing services to users. Figure 1 shows that data is generated by the devices in the perception layer and can then be forwarded to the network layer using the sink node. Finally, it can be transferred to a cloud that analyzes and stores the data. Different applications and services can be provided to users using these data. The applications of IoT include smart home, smart healthcare, smart transport, smart grid, etc.
IoT has many advantages regarding time efficiency, money savings, and improved quality of life, but IoT devices make the system more vulnerable to risks that can give hackers and cyber criminals opportunities to exploit sensitive information. IoT includes many heterogeneous devices, and each device uses a different access protocol that responds to user requirements for upgraded security measures and various access mechanisms. Hence, each application has its own performance and security requirements, which differ from those of other applications. Security, privacy, scalability, and interoperability are therefore considered the main challenges in IoT.
The concept of SDN-based security has grown quickly in the area of IoT. SDN offers solutions to problems related to IoT security. The main property of an SDN architecture is its ability to separate forwarding functions from network control. Hence, network control can be accomplished directly [7]. This separation makes network management easy [2] and introduces several advantages. First, it facilitates network system management and reduces human intervention. In addition, it enables IT administrators to manage network devices without being limited to a particular vendor. Finally, it decreases operating cost compared with conventional networks, since no programming language is required for the underlying infrastructure devices [8]. To maintain a high level of security and network monitoring, machine learning and deep learning (ML/DL) approaches need to be merged with SDN controllers [6].
Due to the continuous rise of cyber-attacks all over the world [1], research on intrusion detection systems (IDS) is growing quickly in the academic and industrial communities. Malicious insiders, denial of service, and web-based attacks are the main causes of the more dangerous cybercrimes. These cybercrimes may disrupt a country's critical national infrastructure by giving malicious software the opportunity to creep into the system. Hence, to avoid unauthorized access, many organizations deploy programs such as a firewall, antivirus software, and an IDS to protect themselves from losing their intellectual property. To identify cyber-attacks rapidly, the attack process should first be identified early [1] from the network using an IDS. The IDS should then be used to identify malicious activities, including viruses, worms, and DDoS attacks. Irregularity detection speed, accuracy, and reliability are the basic success factors for an IDS. Therefore, ML/DL approaches can be merged with SDN-based intrusion detection to introduce several advantages, such as high Quality of Service (QoS), security enforcement, and virtual management. Other advantages introduced by SDN are enhanced network security, the elimination of hardware dependency, and the flexibility to program network devices [4, 5]. Recent development concentrates on utilizing a new network architecture, namely the software-defined network (SDN), to execute IDS with machine learning approaches [6]. A few researchers have studied integrating SDN with IoT, as shown in Table 1.
When the services and devices in the network increase, IoT should be scalable and feasible enough to accommodate these changes. An IoT system has limited resources, and hence security mechanisms may not be supportable. The combination of Blockchain (BC) [70] with IoT provides a solution to such difficulties. The advantage of BC is its scalable, distributed, and decentralized nature, which makes it the perfect solution for the improvement of various IoT aspects. This paper introduces a review study on intrusion detection in software-defined networking and explores the use of Blockchain for SDN security. The contribution of this paper can be summarized as follows:
- Study the concept and architecture of intrusion detection systems.
- Exploring the SDN architecture and its applications along with reviewing the IDS for SDN associated with applying ML/DL.
- Exploring the SDN-based IoT system.
- Presenting perceptions and concerns of Blockchain (BC) technology, BC-based IoT, and BC-SDN-IoT systems.
- Discussing open research directions of this innovative paper’s subject.
The rest of this paper is organized as follows. Section 2 presents IDS, followed by the common datasets used in IDS. Section 3 provides ML approaches and, consequently, ML/DL-based IDS observation. In Sect. 4, an outline of SDN architecture and applications is provided; IDS for SDN, in relation to applying ML/DL to SDN-based IDS, is also surveyed and discussed. Section 5 discusses the SDN-based IoT system. A brief description of BC technology, BC-based IoT, and BC-SDN-IoT systems is given in Sect. 6. Section 7 provides the open issues and future research directions, while Sect. 8 concludes the paper with future work.
Table 1 Summary of SDN based IoT.